Hi Daan / Alex,

Sorry I missed this change at the time, but it looks problematic to me.

The code is trying to check for a scheme part in the incoming value, and
doesn't add a scheme if the value already has one. Therefore, if the scheme
check has a false positive (it thinks the value has a scheme, but it
doesn't), we are guaranteed to produce an invalid URI (no scheme part) and
an exception.

I'm pretty sure the current scheme check is invalid given the URI spec, but
definitely shout if I'm off base.

Here's the check:
    if (value.toString().contains(":"))
        return new URI(value.toString());
    else
        return new URI(scheme, value.toString(), null);

"value" in this case is ssp, the Scheme Specific Part (see the signature of
the URI constructor we're using [1]). There are basically no restrictions on
the scheme specific part of a URI, and certainly no restriction on the
presence of colons. In fact, many URIs have an authority part in the SSP
(e.g. user:password) which *requires* a colon [2]. http is another example,
where a colon is used within the SSP to specify the port.

In summary, it's perfectly valid to have a colon in the scheme specific part
of a URI, so we shouldn't be creating invalid URIs in that case.

What are we trying to protect against in the first place with the check?
Should we just remove the check?

Thanks,
Dave.

[1] http://docs.oracle.com/javase/6/docs/api/java/net/URI.html#URI(java.lang.String, java.lang.String, java.lang.String)
[2] http://www.ietf.org/rfc/rfc2396.txt
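Added example (not code from the message above or from the project it discusses): a small stand-alone Java program that runs the quoted colon check side by side with the plain three-argument constructor call, on constructed scheme/SSP pairs of the kinds the message mentions (a port, a user:password authority, a urn SSP). The method names, the sample inputs and the class name are the example's own. It shows both outcomes the message describes: the scheme being silently dropped (getScheme() returns null, or the wrong prefix becomes the scheme), and a URISyntaxException for an SSP the three-argument constructor would have quoted.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class SchemeCheckDemo {

    // The check as quoted in the message: any ':' in the value is taken to
    // mean "already has a scheme", so the scheme argument is not added.
    static URI withColonCheck(String scheme, Object value) throws URISyntaxException {
        if (value.toString().contains(":"))
            return new URI(value.toString());
        else
            return new URI(scheme, value.toString(), null);
    }

    // With the check removed: the value is always treated as the
    // scheme-specific part, which is what URI(scheme, ssp, fragment) expects.
    // The constructor also percent-encodes characters that are illegal in the SSP.
    static URI withoutCheck(String scheme, Object value) throws URISyntaxException {
        return new URI(scheme, value.toString(), null);
    }

    static void show(String scheme, String ssp) {
        System.out.printf("scheme=%s  ssp=%s%n", scheme, ssp);
        try {
            URI u = withColonCheck(scheme, ssp);
            System.out.printf("  colon check : %s  (getScheme()=%s)%n", u, u.getScheme());
        } catch (URISyntaxException e) {
            System.out.printf("  colon check : URISyntaxException: %s%n", e.getMessage());
        }
        try {
            URI u = withoutCheck(scheme, ssp);
            System.out.printf("  no check    : %s  (getScheme()=%s)%n", u, u.getScheme());
        } catch (URISyntaxException e) {
            System.out.printf("  no check    : URISyntaxException: %s%n", e.getMessage());
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; each is a legitimate scheme-specific part.
        // Port in the authority: colon check yields a relative URI, getScheme() == null.
        show("http", "//localhost:8080/path");
        // user:password in the authority: same loss of the scheme.
        show("ftp", "//user:secret@ftp.example.com/");
        // urn SSP that itself starts with "name:": "isbn" becomes the scheme.
        show("urn", "isbn:0451450523");
        // Space in the path: the one-argument constructor does not quote it and
        // throws, while the three-argument constructor encodes it as %20.
        show("http", "//example.com:8080/my docs/");
    }
}
```

Running it makes the asymmetry concrete: the three-argument constructor both keeps the intended scheme and quotes illegal characters, whereas the one-argument path taken on a false positive does neither. If the check must stay for some caller that really passes whole URIs, the only reliable discriminator is the caller's own knowledge of what it is passing, not the presence of a colon.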
